Hacking New Hampshire
by wilmot
Summary: We know little of Raven's backstory but based on what little we do know this is my fill in.
1. Chapter 1

_**A/N1 Of course I don't own CSI: Cyber. I'm just borrowing a character or two.**_

_**A/N2 I don't know if New Hampshire's power grid uses a Juniper firewall but I do know that those firewalls were vulnerable for a time. Check Wired for some details.**_

_**A/N3 In the series references are made to the 'deep web' as if that were all evil. In fact the term is used to mean any part of the internet that isn't indexed by regular search engines like Google.**_

_**That would include the machine I am typing this on. The evil part is a subset of the deep web called the 'dark net' which is much smaller.**_

 _Somewhere in New York._

"Ah: Juniper firewall!" Raven thought. She had read about weaknesses in this brand. There was a master password that had been hard coded into the operating system and she and a group of online friends had found it by reverse engineering the code.

This meant she was through to the internal network, but she'd have to stop now and go to the diner where she worked; got to pay the rent somehow. So she would start nmap off on its work to map the internal network, sending the output to a file, and queue up a poweroff afterwards. BackTrack, the Linux distro she was using, would save the file for her.

Raven had taken the job at the diner out of necessity. After she'd dropped out of high school her parents had basically given her an ultimatum: "Go back to school or get out of the house." She had gone upstairs and packed. If she had looked back as she left she would have seen her parents having one enormous argument with her mother in tears. But she didn't.

She had found a place to sleep and the job quickly. She had taken a little longer to find an apartment with internet access but she had managed. Her beloved GameVex under the TV and her laptop, on which, without her parents' knowledge, she had installed a copy of BackTrack Linux, had been with her throughout. While she had been with her parents the Linux distro had been in a VirtualBox accessible only via a hidden user on Windows out of necessity. Now however it had its own partitions on her laptop's hard disc and could be accessed via the boot menu.

She had taken a look at the New Hampshire power grid because that was where her father worked. She had originally thought of destroying his employment record. But she decided that would be too obvious, not as obvious as the changes she'd made to her high school grades perhaps. But this would be investigated by people a lot smarter than the stupid teachers at her high school.

So she had started prodding the company's website. She had even found some vulnerabilities but none that would allow her to do the kind of damage she wanted to. So she'd now turned her attention to open ports on the company's main servers. But in order to do that she had had to get through the firewall.

When she got back from the diner she printed the nmap output and from that she drew a map of the network. Then she selected machines that might have subnets off them and set nmap to work on those while she ran her own port scanners to probe the others.

There were risks in all this of course, a sharp-eyed sysadmin looking at the logs was one, but she was using Tor and a dark net proxy server so she was pretty sure that the suspicious activity would never be traced back to her.

This became her routine over the next few days: sleep, map, eat, work, repeat.

After four days she'd mapped the entire network as far as she could tell. Open ports had been mapped too. Now it was time to make some decisions. As far as she could tell the power grid itself was controlled by a Windows server called "gridserv", the name was a bit obvious but hey. Unusually it had a remote login port open. Better, from her point of view, it was unencrypted. This smelt like a trap though. So she proceeded with caution.

She installed a key logger and a packet sniffer on the target to make sure this wasn't a trap and to find out more, sending the output to a dark net equivalent of pastebin located somewhere, probably Russia, could be Tibet or anywhere out of US law enforcement's reach. Perhaps it was Bolivia, but who cared? The nice thing about it was there was no connection between the file being sent and it being retrieved. It bounced around servers, was retrieved using different credentials from the ones used to post it.

After a day she could tell that this machine wasn't the main grid controller but she also discovered that the engineers had a web based control system. She had gathered fragments of the web traffic between gridserv and the machine that appeared to actually control the grid. And she had got one of the engineers' login details; astonishingly the login wasn't encrypted.

If this was a trap it was an extremely sophisticated one.

She decided to try out what she was going to do next by building a virtual equivalent of gridserv on her laptop. Using VirtualBox she built her own copy of gridserv, copying files when she needed to via the dark net pastebin. Again a sharp eyed sysadmin would have spotted what she was up to but by now she was sure that the New Hampshire Power company didn't employ such a creature. No surprise really: it employed her dad after all.

Over the next few days she played about with the virtual power grid, finding weak points and seeing what she could do.

Then she sent out the message to an anonymous hacker board: "Make sure your uninterruptibles are topped up." This was a signal to other hackers that someone was going to take down a power grid somewhere.

On the day she felt excited, she was working at the diner but had left cron, the Linux scheduler, to do the jobs for her via the dark net.

The news came through on the diner's TV at 16:30 EST: The great state of New Hampshire was suffering power problems, engineers were working to fix them. In the meantime hospitals were on generators and TV was off the air, drivers were urged to take care as the traffic lights were out. People were urged to check on old and vulnerable neighbours.

Everyone else in the diner looked at the TV with horror and concern. What had happened? Was this the beginning of a new scandal to rival Enron? If anyone had looked at Raven's face they would have seen her trying to suppress a smile, and almost succeeding.


2. Chapter 2

_**A/N Of course I don't own CSI: Cyber. I'm just borrowing a character or two.**_

 _Simon Sifter's office, FBI HQ Washington DC_

Avery Ryan knocked on the door. Elijah Mundo was already in the office with Assistant Director Sifter.

"Ah! Come in Avery, let me introduce you to Elijah Mundo, former Marine who has become an FBI Special Agent. He'll be joining us in the Cyber Division from today." Sifter got straight down to business.

As Avery shook hands with Elijah she looked quizzically at Sifter.

"Agent Mundo was a Signals and Computer specialist in the Marines." Sifter continued. A look of understanding came across Avery's face. So he might be useful for more than just muscle after all!

"Normally I'd suggest you two get to know each other a bit but I'm afraid something urgent has come up. You may have seen on the news about the power outage in New Hampshire yesterday afternoon. Well it seems like that was a cyber intrusion and the person who did it is going on the Cyber Most Wanted list. Power should be back up in the state by this afternoon but a lot of damage has been done. One of the engineers is currently under arrest because his credentials were used to take down the grid. There's a plane on the tarmac to take the two of you to Concord. Special Agent Krumitz. Do you want to take him?"

"For the moment I think Krumitz would be more useful here." said Avery.

"OK it's your decision."

With that Avery and Elijah left the office.

"I just need to talk to Krumitz and then we'll go." Avery said as they reached the cramped quarters that had been allocated to the new Cyber Crimes division of the FBI.

 _Somewhere in New York._

Raven was pretty pleased with herself. Her reputation as a hacker had now been enhanced. She had been invited to take part in some other projects and was deciding which ones to join, some had fees attached. But there was one project she had jumped at joining: making a Linux distro for the GameVex[i] with hacking tools in it.

This involved hacking some of the GV's firmware. Raven had some experience of disassembling firmware from hacking the Juniper firewall so was initially asked to help with this aspect of the project.

 _Concord, New Hampshire, FBI Field Office_

Avery had just finished interviewing the engineer that had been arrested; it had not gone well. It seemed this man genuinely had no idea how his credentials came to be used to take down the power grid.

"He doesn't know anything so I have asked for him to be released." Avery told Elijah. "Let's get the system logs to Krumitz, see if he can do anything."

"Will do!"

"Whoever our hacker is: they're going to be a celebrity in that world now. That makes it harder to maintain anonymity, let's see if we can use that. I'll get Krumitz to look at Dark Net social media."

"Sorry, the Dark Net has its own social media?"

"Yes, Elijah they have chat rooms, message boards: it's a shadow world, like any underground. You've seen 4chan? That is gentle compared to some of this stuff. But people can only enter most of the boards and chat rooms by invitation, which makes it difficult for law enforcement. Fortunately we have one of the best white hat hackers in the world in Krumitz."

"White hat?"

"Yes, you remember the old western movies? You could tell the good guys from the bad guys by the colour of their hats?"

"Well yeah..." Then realisation dawned. "Oh so that imagery has been imported here. Our target is a black hat hacker?"

"Yes, only there are no physical hats, which makes it more difficult!"

Both laughed.

"Oh and there are grey hats too, but I'll explain those when we come across them."

 _A day later Somewhere in New York_

Raven was taking delivery of a new GameVex. This one was provided by the hacker collective who were doing the Linux distro. It was for experiments. Elsewhere the ROMs and microcontrollers had given up their data and this had been sent to her to be disassembled[ii].

 _Concord_

Avery's phone rang.

"Krumitz, I'll put him on speaker."

"Hi" Krumitz's voice echoed a little.

"Hello Daniel, I've put you on speaker so Elijah can hear you too, what do you have for us?"

"Okayyyy. Right there was some stuff in the logs. Basically our hacker is good at this and cautious."

"Taking down a power grid doesn't sound like caution to me!" Elijah interjected.

"Well he is. He found his way through the firewall, mapped the entire network, scanned all the ports. Then installed a keylogger, downloaded files, probably installed a packet sniffer. And yet he's untraceable." Daniel's voice sounded a little irritated.

"A keylogger? So that's how he got the log in details. The file downloading, anything significant there?" Avery was intrigued, this was a good opponent. Maybe, if she could turn him, a second candidate for a programme that she was about to propose to Sifter.

"I think he may have built a virtual version of the network to try things out on." Daniel's voice had a note of triumph in it as he heard Elijah blow out his cheeks.

"I see what you mean about cautious. But how can you be untraceable? I thought you left digital crumbs wherever you went on the internet." Elijah was, despite himself, impressed, both with fat boy and the hacker.

"Well that is kind of true on the surface web. Our target was using the dark net, and, probably, Tor. On the dark net things are done differently. Messages bounce around between proxies, go via countries which won't cooperate with the US. And even if they did the chains are often so long and tortuous that they are impossible to follow."

"OK, thank you Daniel, anything on the social media?" Avery was convinced that this was how the target would trip up.

"Yes, well maybe, a user called 'dUnc3' posted that people should make sure their uninterruptible power supplies were topped up a few days before the hack. The same user is being credited with the hack. But that may be a red herring..."

"OK that'll have to do, try to find out who dUnc3 is. See if he's used the same handle elsewhere, good luck." said Avery as she ended the call.

"To get a keylogger on the machine he'd have to have admin access wouldn't he? How did he get that?" Elijah thought, out loud.

"Good question. We should ask about remote logins. I'll ring Krumitz, you talk to their techs. Also see if they have an email archive in case someone got spearphished."

"Sorry still catching up with civilian terminology, Spearphished?"

"You're familiar with phishing?" Elijah nodded, "Well Spearphishing is just a more targeted form of phishing. The spearphisher knows his target, the email may have appeared to have come from a senior tech telling the techs to change their passwords using a link that looked legitimate. In reality it will have been to a website set up by our hacker, it will look just like the internal password change screen. It only takes one tech to click on the link to give our hacker a way in."

"Then why install the keylogger?"

"Our hacker is clever and cautious. He doesn't want the email linked to the attack. So install the keylogger to obtain other credentials."

"This is one clever hacker."

[i] To quote Raven from _Ghost in the Machine_ (S1E11) "Game Consoles are also computers". There are distributions of Linux for the XBOX, GameCube, Wii and even the DS! There was a Linux distribution for the PS3, at least until Sony tried to stop it.

[ii] The language that computers use natively is called an assembly language and disassembly is the process of turning the binary code version of this back into more or less human readable format.


3. Chapter 3

_**A/N1 Of course I don't own CSI: Cyber. I'm just borrowing a character or two.**_

_**A/N2 Thanks for the reviews, the follows and the favourites, always encouraging to know others are enjoying my stories.**_

 _FBI HQ 28 days later_

FBI Assistant Director Sifter is reviewing the case file with the Director.

"My team has followed every lead on this, as we do on all our cases. Sometimes you just have to wait for the gopher to stick its head out again."

"Gopher?"

"Yeah something someone said to me about Cyber Criminals: they're like gophers, if not caught when they stick their head out... The point is that sometimes a Cyber Criminal is so good at hiding his tracks that even the best people in the world can't get them the first time. With Cyber Crime there are no eye witnesses, no DNA, no fingerprints, and in this case probably no crew. You're left chasing a ghost."

"Hard to believe this is the act of a single individual..."

"Well look at the Kitty case, OK he hired hit-men, but the cyber part of that was the work of a single reclusive individual. Or the bank heist. Or any of a number of other cases. Now if we had better kit it would help, if we had more people it would help. What I saw last week in France, in a regional office of the Gendarme..."

The Director sighed, if he heard about another leg of Sifter's trip to Europe he'd go mad. He'd already heard about work being done in the UK on online pedophiles and in Spain...

"OK, we'll wait, but the President wants an end to this case..."

"As do we all."

 _Three months later somewhere in the South of France_

Colonel Francois Paras of the Gendarme was nervous. His fate if this went wrong didn't bear thinking about. And if it went right he suspected the lazy fool of an investigating magistrate would get all the credit. In truth he had had to work hard to get the bastard to authorise this investigation and this raid and he certainly didn't want it handed over to the Police Nationale.

The raid on an isolated farmhouse was intended to take Jean-Paul Prepain into custody and secure his computing devices for analysis. Jean-Paul was a suspected hacker, thought to be head of a collective responsible for stealing €0.01 a week from each of 20 million bank accounts around Europe. A sharp eyed employee of a bank in London had spotted an attempt to take £0.0078 from his account and had raised the alarm.

"Allez!" Colonel Paras gave the signal to go.

The Gendarmerie advanced on the farmhouse. The lights had been out for a couple of hours and all user based internet activity had ceased at about the same time. It was now about 06:00 and enough light was available for the officers to see where they were going.

The front door was of heavy oak construction. Paras had done his homework though and with the assistance of a couple of English 'lost tourists' had identified weaker doors at each side. The 'lost tourists' were actually a Detective Inspector and her wife, a Police Sergeant, who were holidaying locally. Paras had met the DI at a conference in Prague a year earlier.

Paras had split his force in three. Two entry teams, one for each door, would secure all the occupants of the house then the cyber specialists would go in to secure the devices and any associated paperwork. Any runners would be handled by the local Police who manned the perimeter.

The leader of each of the entry teams had a copy of the search warrant. Luckily the occupants had neglected to lock the doors so entry was effected with ease. The main target was found in bed alone. He was secured and taken to waiting transport. Six desktop computers, four laptops, two games consoles, three tablets and four mobile phones were seized. Also seized was a variety of other storage media that included a clutch of USB drives and SD cards found in a plastic bag hidden in one of the toilet cisterns. Also seized was a variety of custom electronics, mainly based around Atmel ATMega microcontrollers; Arduino boards featured heavily.

A search of the grounds by daylight revealed a reserve set of servers in an outbuilding.

This was clearly a major enterprise.

 _Later that day Gendarme Regional Office Marseille._

The techs had been working on the servers recovered in the raid for several hours. Other jurisdictions were notified via Europol and Interpol as and when anything that might be of interest to them emerged.

It was about 15:30 when one of the techs noticed the handle 'dUnc3' and contact with the games company revealed an IP address associated with a physical address in New York. The information was associated with a project to build a Linux distro on the GameVex console that was probably just about legal, at least as far as the criminal law in France was concerned, but he ran the handle anyway and came up with an FBI alert.

 _Simon Sifter's office_ _12:30_

An alert came up on Simon's computer, they had a possible address for 'dUnc3'! Courtesy of the French!

Simon called Avery into his office.

"The French had a big raid on a farmhouse this morning. They turned up some information that is of interest to us. An address for 'dUnc3'! In New York!"

Avery's mouth opened but no sound came out for a time. In all the time he had known her Simon had never seen anything have this effect before.

"I need a plane to take Elijah and Daniel to New York." she said once she had her mental balance back.

"I'm arranging that as we speak. Not going yourself?" Sifter was typing into his computer.

"Of course I'm going!"

"You only mentioned Elijah and Daniel…"

After Avery had left the office Simon got on the phone to the Director. He was determined to use this to get better equipment and accommodation.

 _NYPD HQ about two hours later._

"Intel suggests the apartment is rented by one Raven Ramirez, 18 years old, originally from Concord, New Hampshire. She lives alone. Contact with Police in Concord suggests Ms Ramirez left home two years ago. Her father works for the power company." Avery was briefing the SWAT team that would lead the raid. "Intel also suggests that Miss Ramirez will be home this evening."


